-
Notifications
You must be signed in to change notification settings - Fork 215
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Allow restricting the creation of resources
Signed-off-by: Jens Reimann <jreimann@redhat.com> Co-authored-by: Thomas Jaeckle <thomas.jaeckle@bosch.io>
- Loading branch information
Showing
24 changed files
with
991 additions
and
95 deletions.
There are no files selected for viewing
90 changes: 90 additions & 0 deletions
90
...e/src/main/java/org/eclipse/ditto/concierge/service/common/CreationRestrictionConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
/* | ||
* Copyright (c) 2021 Contributors to the Eclipse Foundation | ||
* | ||
* See the NOTICE file(s) distributed with this work for additional | ||
* information regarding copyright ownership. | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License 2.0 which is available at | ||
* http://www.eclipse.org/legal/epl-2.0 | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 | ||
*/ | ||
package org.eclipse.ditto.concierge.service.common; | ||
|
||
import java.util.List; | ||
import java.util.Set; | ||
import java.util.regex.Pattern; | ||
|
||
import javax.annotation.concurrent.Immutable; | ||
|
||
import org.eclipse.ditto.internal.utils.config.KnownConfigValue; | ||
|
||
/** | ||
* Provides configuration settings for an entry of restricting the creation of entities. | ||
*/ | ||
@Immutable | ||
public interface CreationRestrictionConfig { | ||
|
||
/** | ||
* The list of resource types this entry applies to. | ||
* An empty list would match any. | ||
* | ||
* @return the list of values | ||
*/ | ||
Set<String> getResourceTypes(); | ||
|
||
/** | ||
* The list of namespace {@link Pattern}s this entry applies to. | ||
* An empty list would match any. The pattern must match the full string. | ||
* | ||
* @return the list of values | ||
*/ | ||
List<Pattern> getNamespace(); | ||
|
||
/** | ||
* The list of authentication subject {@link Pattern}s this entry applies to. | ||
* An empty list would match any. | ||
* | ||
* @return the list of values | ||
*/ | ||
List<Pattern> getAuthSubject(); | ||
|
||
/** | ||
* An enumeration of the known config path expressions and their associated default values for | ||
* {@code CreationRestrictionConfig}. | ||
*/ | ||
enum CreationRestrictionConfigValues implements KnownConfigValue { | ||
/** | ||
* Matching resource types. | ||
*/ | ||
RESOURCE_TYPES("resource-types", Set.of()), | ||
/** | ||
* Matching namespaces, supports wildcards. | ||
*/ | ||
NAMESPACES("namespaces", Set.of()), | ||
/** | ||
* Matching auth subjects. | ||
*/ | ||
AUTH_SUBJECTS("auth-subjects", Set.of()); | ||
|
||
private final String path; | ||
private final Object defaultValue; | ||
|
||
CreationRestrictionConfigValues(final String thePath, final Object theDefaultValue) { | ||
path = thePath; | ||
defaultValue = theDefaultValue; | ||
} | ||
|
||
@Override | ||
public String getConfigPath() { | ||
return path; | ||
} | ||
|
||
@Override | ||
public Object getDefaultValue() { | ||
return defaultValue; | ||
} | ||
|
||
} | ||
} |
105 changes: 105 additions & 0 deletions
105
...ain/java/org/eclipse/ditto/concierge/service/common/DefaultCreationRestrictionConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
/* | ||
* Copyright (c) 2021 Contributors to the Eclipse Foundation | ||
* | ||
* See the NOTICE file(s) distributed with this work for additional | ||
* information regarding copyright ownership. | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License 2.0 which is available at | ||
* http://www.eclipse.org/legal/epl-2.0 | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 | ||
*/ | ||
package org.eclipse.ditto.concierge.service.common; | ||
|
||
import com.typesafe.config.Config; | ||
import org.eclipse.ditto.internal.utils.config.ConfigWithFallback; | ||
import org.eclipse.ditto.rql.query.LikeHelper; | ||
|
||
import javax.annotation.concurrent.Immutable; | ||
import java.util.List; | ||
import java.util.Objects; | ||
import java.util.Set; | ||
import java.util.regex.Pattern; | ||
import java.util.stream.Collectors; | ||
|
||
/** | ||
* This class implements {@link CreationRestrictionConfig} for Ditto's Concierge service. | ||
*/ | ||
@Immutable | ||
public class DefaultCreationRestrictionConfig implements CreationRestrictionConfig { | ||
|
||
private static final String RESOURCE_TYPES_CONFIG_PATH = "resource-types"; | ||
private static final String NAMESPACES_CONFIG_PATH = "namespaces"; | ||
private static final String AUTH_SUBJECTS_CONFIG_PATH = "auth-subjects"; | ||
|
||
private final Set<String> resourceTypes; | ||
private final List<Pattern> namespacePatterns; | ||
private final List<Pattern> authSubjectPatterns; | ||
|
||
private DefaultCreationRestrictionConfig(final ConfigWithFallback configWithFallback) { | ||
this.resourceTypes = Set.copyOf(configWithFallback.getStringList(RESOURCE_TYPES_CONFIG_PATH)); | ||
this.namespacePatterns = compile(List.copyOf(configWithFallback.getStringList(NAMESPACES_CONFIG_PATH))); | ||
this.authSubjectPatterns = compile(List.copyOf(configWithFallback.getStringList(AUTH_SUBJECTS_CONFIG_PATH))); | ||
} | ||
|
||
private static List<Pattern> compile(List<String> patterns) { | ||
return patterns.stream() | ||
.map(expression -> Pattern.compile(LikeHelper.convertToRegexSyntax(expression))) | ||
.collect(Collectors.toUnmodifiableList()); | ||
} | ||
|
||
/** | ||
* Returns an instance of {@code DefaultCreationRestrictionConfig} based on the settings of the specified Config. | ||
* | ||
* @param config is supposed to provide the settings of the restriction config. | ||
* @return the instance. | ||
* @throws org.eclipse.ditto.internal.utils.config.DittoConfigError if {@code config} is invalid. | ||
*/ | ||
public static DefaultCreationRestrictionConfig of(final Config config) { | ||
return new DefaultCreationRestrictionConfig(ConfigWithFallback.newInstance(config, | ||
CreationRestrictionConfig.CreationRestrictionConfigValues.values())); | ||
} | ||
|
||
@Override | ||
public Set<String> getResourceTypes() { | ||
return resourceTypes; | ||
} | ||
|
||
@Override | ||
public List<Pattern> getNamespace() { | ||
return namespacePatterns; | ||
} | ||
|
||
public List<Pattern> getAuthSubject() { | ||
return authSubjectPatterns; | ||
} | ||
|
||
@Override | ||
public boolean equals(Object o) { | ||
if (this == o) { | ||
return true; | ||
} | ||
if (o == null || getClass() != o.getClass()) { | ||
return false; | ||
} | ||
DefaultCreationRestrictionConfig that = (DefaultCreationRestrictionConfig) o; | ||
return resourceTypes.equals(that.resourceTypes) | ||
&& namespacePatterns.equals(that.namespacePatterns) | ||
&& authSubjectPatterns.equals(that.authSubjectPatterns); | ||
} | ||
|
||
@Override | ||
public int hashCode() { | ||
return Objects.hash(resourceTypes, namespacePatterns, authSubjectPatterns); | ||
} | ||
|
||
@Override | ||
public String toString() { | ||
return getClass().getSimpleName() + " [" + | ||
"resourceTypes=" + resourceTypes + | ||
", namespacePatterns=" + namespacePatterns + | ||
", authSubjectPatterns=" + authSubjectPatterns + | ||
']'; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
92 changes: 92 additions & 0 deletions
92
...src/main/java/org/eclipse/ditto/concierge/service/common/DefaultEntityCreationConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
/* | ||
* Copyright (c) 2021 Contributors to the Eclipse Foundation | ||
* | ||
* See the NOTICE file(s) distributed with this work for additional | ||
* information regarding copyright ownership. | ||
* | ||
* This program and the accompanying materials are made available under the | ||
* terms of the Eclipse Public License 2.0 which is available at | ||
* http://www.eclipse.org/legal/epl-2.0 | ||
* | ||
* SPDX-License-Identifier: EPL-2.0 | ||
*/ | ||
package org.eclipse.ditto.concierge.service.common; | ||
|
||
import java.util.List; | ||
import java.util.Objects; | ||
import java.util.stream.Collectors; | ||
|
||
import javax.annotation.concurrent.Immutable; | ||
|
||
import org.eclipse.ditto.internal.utils.config.ConfigWithFallback; | ||
import org.eclipse.ditto.internal.utils.config.ScopedConfig; | ||
|
||
import com.typesafe.config.Config; | ||
|
||
/** | ||
* This class implements {@link EntityCreationConfig} for Ditto's Concierge service. | ||
*/ | ||
@Immutable | ||
public class DefaultEntityCreationConfig implements EntityCreationConfig { | ||
|
||
private static final String CONFIG_PATH = "entity-creation"; | ||
|
||
private final List<CreationRestrictionConfig> grant; | ||
private final List<CreationRestrictionConfig> revoke; | ||
|
||
private DefaultEntityCreationConfig(final ScopedConfig config) { | ||
grant = config.getConfigList(ConfigValue.GRANT.getConfigPath()).stream() | ||
.map(DefaultCreationRestrictionConfig::of) | ||
.collect(Collectors.toUnmodifiableList()); | ||
revoke = config.getConfigList(ConfigValue.REVOKE.getConfigPath()).stream() | ||
.map(DefaultCreationRestrictionConfig::of) | ||
.collect(Collectors.toUnmodifiableList()); | ||
} | ||
|
||
/** | ||
* Returns an instance of {@code DefaultEntityCreationConfig} based on the settings of the specified Config. | ||
* | ||
* @param config is supposed to provide the settings of the entity creation config at {@value #CONFIG_PATH}. | ||
* @return the instance. | ||
* @throws org.eclipse.ditto.internal.utils.config.DittoConfigError if {@code config} is invalid. | ||
*/ | ||
public static DefaultEntityCreationConfig of(final Config config) { | ||
return new DefaultEntityCreationConfig( | ||
ConfigWithFallback.newInstance(config, CONFIG_PATH, EntityCreationConfig.ConfigValue.values())); | ||
} | ||
|
||
@Override | ||
public List<CreationRestrictionConfig> getGrant() { | ||
return grant; | ||
} | ||
|
||
@Override | ||
public List<CreationRestrictionConfig> getRevoke() { | ||
return revoke; | ||
} | ||
|
||
@Override | ||
public boolean equals(Object o) { | ||
if (this == o) { | ||
return true; | ||
} | ||
if (o == null || getClass() != o.getClass()) { | ||
return false; | ||
} | ||
DefaultEntityCreationConfig that = (DefaultEntityCreationConfig) o; | ||
return grant.equals(that.grant) && revoke.equals(that.revoke); | ||
} | ||
|
||
@Override | ||
public int hashCode() { | ||
return Objects.hash(grant, revoke); | ||
} | ||
|
||
@Override | ||
public String toString() { | ||
return getClass().getSimpleName() + " [" + | ||
"grant=" + grant + | ||
", revoke=" + revoke + | ||
']'; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.